15 Items

Engima machine

Wikimedia

Paper - Hoover Institution Press

Nobody But Us

| Aug. 30, 2017

In the modern era, there is great convergence in the technologies used by friendly nations and by hostile ones. Signals intelligence agencies find themselves penetrating the technologies that they also at times must protect. To ease this tension, the United States and its partners have relied on an approach sometimes called Nobody But Us, or NOBUS: target communications mechanisms using unique methods accessible only to the United States. This paper examines how the NOBUS approach works, its limits, and the challenging matter of what comes next.

teaser image

Analysis & Opinions - Lawfare

The Real Lesson from the WannaCry Ransomware

| May 12, 2017

Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.

Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.

University of Michigan Journal of Law Reform

University of Michigan Journal of Law Reform

Journal Article - University of Michigan Journal of Law Reform

Making Democracy Harder to Hack

| Spring 2017 (Volume 50, Issue 3)

With the Russian government hack of the Democratic National Convention email servers and related leaks, the drama of the 2016 U.S. presidential race highlights an important point: nefarious hackers do not just pose a risk to vulnerable companies; cyber attacks can potentially impact the trajectory of democracies.

An overflow crowd listens to a panel discussion on the background and impact of Russian cyber attacks. (Bennett Craig)

(Bennett Craig)

- Belfer Center for Science and International Affairs, Harvard Kennedy School Belfer Center Newsletter

Russian Cyber Operations 2017

| Spring 2017

Cyber Security Project Director Dr. Michael Sulmeyer led a discussion on the future of Russian Cyber Operations with New York Times National Security Correspondent David Sanger, Director of the Center on the United States and Europe at the Brookings Institution Dr. Fiona Hill, and Cyber Security Project Fellow Dr. Ben Buchanan.

teaser image

Testimony - United States Senate

Prepared Testimony: The Modus Operandi and Toolbox of Russia and Other Autocracies for Undermining Democracies Throughout the World

| Mar. 15, 2017

Prepared Testimony and Statement for the Record of Ben Buchanan for the Subcommittee on Crime and Terrorism, United States Senate Committee on the Judiciary.

Server racks inside a data center at American Electrical Power headquarters in Columbus, Ohio, May 2015.

AP

Paper - Cyber Security Project, Belfer Center

The Legend of Sophistication in Cyber Operations

| January 2017

In a drumbeat of news stories and corporate press releases, one phrase has dramatically grown in use over the last decade: “sophisticated cyber attack.” These words have been used to describe specific intrusions into telecommunication providers, insurance companies, social media hubs, banks, the Pentagon, a host of security firms, government agencies, research labs, movie studios, and much more. It seems the world is awash in sophisticated network intrusions. 

But if everything is sophisticated, nothing is. This paper unpacks “sophistication” in cyber operations, exploring what it means, and what it should mean, for an operation to attain such a status. It examines the incentives for victims and observers to overstate the sophistication of other actors. Additionally, it offers a more rigorous framework for defining the term that takes into account technical and operational factors. But deploying the lens of sophistication by itself can be misleading; this paper also explores the incentives some actors have to deploy less sophisticated capabilities.